Cybercriminals from the Lockbit gang have given the City of Westmount another two weeks to pay a ransom, after last Sunday’s ultimatum expired. As for the City of Westmount and Mayor Christina Smith, they are leaking very little information on the work to restore its systems and establish what data the hackers stole during the November 20 attack.
Cybercriminals now claim on their site in the hidden web (dark web) that they will release the stolen data to Westmount on December 21 if they do not receive payment.
These extensions are typical of the gang that hit the municipality, according to experts consulted by The Press. “Lockbit normally offers this option at a cost,” says Stéphane Auger, vice president responsible for cybersecurity at Équipe Microfix, an IT company.
PHOTO PROVIDED BY THE CITY OF WESTMOUNT
Westmount City Hall
Hackfest co-founder Patrick Mathieu also believes that this grace period implies that the team managing this crisis for Westmount is in discussion with the pirates. “That means they’re negotiating and potentially paid a little to save time,” he said.
A city spokesperson declines to say whether Westmount is talking to cybercriminals.
Given that we are in the heart of our operations, this is information that we cannot comment on.
Mugisha Rutisisha, spokesperson for the City of Westmount
Deadlines to negotiate
Cybercriminals like Lockbit practice double extortion. Before damaging them, they steal the data of their victims so that they can publish them online if they do not cooperate.
Brett Callow, a cyberthreat expert at antivirus firm Emsisoft, also thinks Westmount may have paid some money to get more time before the leaked information was released, but not necessarily.
“Ultimately, Lockbit and other ransomware users don’t release the data until they conclude they have no chance of getting paid from a victim,” says Brett Callow. It is therefore far from unusual to see them stretch the deadlines, and it does not necessarily mean that the victim has paid a sum. »
No guarantee
One thing is certain, a payment would be far from guaranteeing that the data would not end up online anyway, experts say.
Stéphane Auger knows something about it. Although he advises against paying the ransoms to hackers who demand it, one of his clients whom he does not have the authorization to name did it anyway.
The stolen data first disappeared, but then it leaked again on their site, until the customer contacted them again.
Stéphane Auger, vice-president responsible for cybersecurity at Équipe Microfix
The cybercriminals then wiped the information from their site, but the episode, which occurred in November, shows that the stolen information is never really destroyed and could resurface at any time.
In an address to City Council on December 5, Mayor Christina Smith finally acknowledged what The Press wrote on November 21: The Lockbit ransomware gang is indeed responsible for the attack.
PHOTO HUGO-SÉBASTIEN AUBERT, LA PRESSE ARCHIVES
Westmount Mayor Christina Smith in 2018
“This group claims to have had access to a significant amount of City data that, for the most part, is already public in nature,” she said, according to a summary of her statement available online. She adds that the municipality has filed a complaint with the Montreal police.
November 23, The Press reported that the hackers gave an overview of the files they claim to have stolen on their site. Their site shows images of folders named “Candidates”, “Human Resources”, “Public Safety”, “Information Technology”, ” Mayor’s Office “(mayor’s office), ” Legal”.
According to Christina Smith, the situation is nevertheless “under control”. “We are already almost fully operational, and this in an exceptional time despite the circumstances,” she said on December 5.
The mayor also indicated that the “incident” will be the subject of a “detailed investigation” to find out how it could have occurred.